Jump to content


Photo
- - - - -

Logging on VPN servers?


  • Please log in to reply
12 replies to this topic

#1 lightleptonparticle

lightleptonparticle

    Member

  • Members
  • PipPip
  • 25 posts

Posted 18 July 2013 - 10:06 PM

I'm wondering if any of the VPN servers are required by law in the country they are actually hosted to provide customer identifying information. I'm thinking in particular of EU Data Retention Directive and a country such as UK, where Hide My Ass had to provide logs when demanded.

 

So my question is simple, does AirVPN VPN servers retain data that actually allows correlation between ingoing and outgoing connections on VPN servers?

 

I understand that a powerful adversary can monitor ingoing and outgoing connections regardless of what the VPN server does. But without knowledge of what takes place inside the VPN server, when many users are online at the same time, it may become dfificult to determine what data belongs to the respective users?

 

However if the server itself keeps any sort of information that allows a mapping between ingoing socket X and outgoing socket Y, then all bets are off?

 

These are just assumptions, feel free to correct me where I am wrong.



#2 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7855 posts

Posted 19 July 2013 - 12:42 AM

Hello,

 

we don't keep any log that can be exploited to identify a customer or a VPN client IP address and there's no law (not even in the UK) which enforces that. In the countries we operate, either our service is not within the scope of 2006/24/EC transposition, if such transposition exists, the 2006/24/EC transposition has been declared unconstitutional, or the transposition does not exist.

 

Additionally, we do not monitor or inspect OpenVPN clients traffic and we do not transmit any data to third parties while a client is connected to a server.

 

Kind regards



#3 lightleptonparticle

lightleptonparticle

    Member

  • Members
  • PipPip
  • 25 posts

Posted 19 July 2013 - 04:46 AM

Thank you for the reply!



#4 lightleptonparticle

lightleptonparticle

    Member

  • Members
  • PipPip
  • 25 posts

Posted 20 July 2013 - 06:20 AM

Forgive me to bring up an old thread, but I'm a little confused about the following:

 

Just came across this thread....interesting reading.
So is it really true that if a person from say the USA is connected to a USA server, then that data-center could provide the real IP of the person connected?
If so, how does the argument that no logs are kept stand true, with regard to protecting the anonymity of the AirVPN subscriber?
AirVPN does not keep logs, and they can stick with that fact, but if they are using USA data-centers for their servers then the data-center is the weak link and basically AirVPN's promise is not worth the paper it's written on?
Or am I missing something here?



Hello!

Theoretically this can be done on any VPN, proxy, TOR etc. service and without limitations on the customer's country IP address. If you can't afford to run such a risk (or trust us) you need to hide your real IP address to our servers and datacenters even while you're connected. This can be easily done as explained here:
https://airvpn.org/tor

You might also like to read here (partition of trust and further considerations):
https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745

Kind regards

 

 

I'm unsure what exactly this means: "Theoretically this can be done on any VPN"

 

From what I was told in this thread there is no logging on the VPN server itself. However, the data center that hosts the VPN server could still be asked to provide information about who (as in what IP and port) are connecting to this hosted VPN server? As far as I can understand this alone would not reveal any information regarding what a customer is actually doing, again because the data might be difficult to separate even if monitoring everything going in and out of the VPN server?

 

So returning to the "Theoretically this can be done on any VPN", what can be done is simply determine that a particular person is using the VPN server? Is that correct?



#5 bobber6

bobber6

    Advanced Member

  • Members
  • PipPipPip
  • 43 posts

Posted 20 July 2013 - 10:32 AM

A thread at Wilders touches this subject, in the light of the present knowledge about the extent of surveillance ,ie. ,agencies having complete access to cables/servers , you'd better assume you will/can be compromised.

"partition of trust" is indeed a good aproach .

 

http://www.wilderssecurity.com/showpost.php?p=2182902&postcount=1



#6 lightleptonparticle

lightleptonparticle

    Member

  • Members
  • PipPip
  • 25 posts

Posted 20 July 2013 - 05:36 PM

A thread at Wilders touches this subject, in the light of the present knowledge about the extent of surveillance ,ie. ,agencies having complete access to cables/servers , you'd better assume you will/can be compromised.

"partition of trust" is indeed a good aproach .

 

http://www.wilderssecurity.com/showpost.php?p=2182902&postcount=1

 

Even if some powerful adversary would monitor everything going in and out of a VPN server I don't see how that is relevant. As long as whatever happens inside the VPN server is not possible to observe then it would still likely be difficult to determine what traffic belongs to a particular user on some server that sees traffic from several users at the same time. Don't you agree?

 

As for physically breaking into the data center and maybe patching the system, that just seems a bit too unlikely for me.



#7 bobber6

bobber6

    Advanced Member

  • Members
  • PipPipPip
  • 43 posts

Posted 20 July 2013 - 08:57 PM

 

As for physically breaking into the data center and maybe patching the system, that just seems a bit too unlikely for me.

No offense , but where have you been the last weeks?

https://airvpn.org/topic/9587-gchq-taps-fibre-optic-cables-for-secret-access-to-worlds-communications/#entry10739

 

 

The Guardian revealed on Friday that GCHQ has placed more than 200 probes on transatlantic cables and is processing 600m "telephone events" a day as well as up to 39m gigabytes of internet traffic. Using a programme codenamed Tempora, it can store and analyse voice recordings, the content of emails, entries on Facebook, the use of websites as well as the "metadata" which records who has contacted who. The programme is shared with GCHQ's American partner, the National Security Agency.



#8 mage1982

mage1982

    Advanced Member

  • Members
  • PipPipPip
  • 68 posts

Posted 20 July 2013 - 09:47 PM

Even if some powerful adversary would monitor everything going in and out of a VPN server I don't see how that is relevant. As long as whatever happens inside the VPN server is not possible to observe then it would still likely be difficult to determine what traffic belongs to a particular user on some server that sees traffic from several users at the same time. Don't you agree?

It is not that difficult, unfortunately. Simplified case: Let's say there is some major event going on, so that everyone is out in the streets, and only three AirVPN users are online at one particular data center. One is browsing Wikipedia, one is checking gmail, and one is chatting on IRC. As long as all three are not sending and receiving data at the same time, it is trivial for an observer to see that when user A sends data to the AirVPN server, data gets sent on to Wikipedia; and then a webpage comes back, first to the server, and then to user A. (At that point, ask Wikipedia who was logged in.)

That is the simple and unrealistic scenario. In actual use, the adversary would have to use statistical methods to see that, say, 93% of the time user A sends and receives data, data gets sent on to destination X. And the longer you can listen, and the more data you can capture, the more certain you can get. [note]

This is called an "intersection attack", and is a problem for any system that wants to provide both anonymity and real-time response. The extreme case is if the adversary can monitor both your connection to your ISP, and the Internet connection of the service you are using - an intersection attack would work here no matter what is in between.

So if there is a "global passive adversary" (another known phrase to look up), there is little we can do. But someone who can only operate within a single nation is going to have a bit of trouble if you use a server located in a different country.

note : So if you could save data on all connections, all the time, you could go back and look for patterns later, and expect a high success rate. This is why having all this "metadata" is so interesting for the three-letter agencies..

#9 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7855 posts

Posted 21 July 2013 - 12:51 AM

This is called an "intersection attack", and is a problem for any system that wants to provide both anonymity and real-time response. The extreme case is if the adversary can monitor both your connection to your ISP, and the Internet connection of the service you are using - an intersection attack would work here no matter what is in between.

 

Hello,

 

we wrote something last year about how to defeat an adversary with similar powers, or multiple adversaries that co-operate with each other (and also with some higher powers):

 

https://airvpn.org/topic/54-using-airvpn-over-tor/#entry1745

 

Kind regards



#10 lightleptonparticle

lightleptonparticle

    Member

  • Members
  • PipPip
  • 25 posts

Posted 21 July 2013 - 05:59 AM

 

As for physically breaking into the data center and maybe patching the system, that just seems a bit too unlikely for me.

No offense , but where have you been the last weeks?

https://airvpn.org/topic/9587-gchq-taps-fibre-optic-cables-for-secret-access-to-worlds-communications/#entry10739

 

 

>The Guardian revealed on Friday that GCHQ has placed more than 200 probes on transatlantic cables and is processing 600m "telephone events" a day as well as up to 39m gigabytes of internet traffic. Using a programme codenamed Tempora, it can store and analyse voice recordings, the content of emails, entries on Facebook, the use of websites as well as the "metadata" which records who has contacted who. The programme is shared with GCHQ's American partner, the National Security Agency.

 

 

I fail to see how this is relevant. Some adversary could monitor the entire Internet in real time but might still find it difficult to determine which outgoing traffic at a VPN belongs to a paticular customer. Obviously this task becomes increasingly difficult as the number of active users on a VPN increases. At some point this becomes too difficult if not impossible and requires knowledge about what takes place inside the VPN server.



#11 lightleptonparticle

lightleptonparticle

    Member

  • Members
  • PipPip
  • 25 posts

Posted 21 July 2013 - 06:27 AM

Even if some powerful adversary would monitor everything going in and out of a VPN server I don't see how that is relevant. As long as whatever happens inside the VPN server is not possible to observe then it would still likely be difficult to determine what traffic belongs to a particular user on some server that sees traffic from several users at the same time. Don't you agree?

It is not that difficult, unfortunately. Simplified case: Let's say there is some major event going on, so that everyone is out in the streets, and only three AirVPN users are online at one particular data center. One is browsing Wikipedia, one is checking gmail, and one is chatting on IRC. As long as all three are not sending and receiving data at the same time, it is trivial for an observer to see that when user A sends data to the AirVPN server, data gets sent on to Wikipedia; and then a webpage comes back, first to the server, and then to user A. (At that point, ask Wikipedia who was logged in.)

That is the simple and unrealistic scenario. In actual use, the adversary would have to use statistical methods to see that, say, 93% of the time user A sends and receives data, data gets sent on to destination X. And the longer you can listen, and the more data you can capture, the more certain you can get. [note]

This is called an "intersection attack", and is a problem for any system that wants to provide both anonymity and real-time response. The extreme case is if the adversary can monitor both your connection to your ISP, and the Internet connection of the service you are using - an intersection attack would work here no matter what is in between.

So if there is a "global passive adversary" (another known phrase to look up), there is little we can do. But someone who can only operate within a single nation is going to have a bit of trouble if you use a server located in a different country.

note : So if you could save data on all connections, all the time, you could go back and look for patterns later, and expect a high success rate. This is why having all this "metadata" is so interesting for the three-letter agencies..

 

Wouldn't you agree that on a real system, where perhaps several users are streaming Youtube video at the same resolution at the same time, that finding out who is streaming which video, is difficult?



#12 mage1982

mage1982

    Advanced Member

  • Members
  • PipPipPip
  • 68 posts

Posted 21 July 2013 - 09:47 AM

Wouldn't you agree that on a real system, where perhaps several users are streaming Youtube video at the same resolution at the same time, that finding out who is streaming which video, is difficult?

Depends. It would be difficult if Youtube streams everything encrypted and doesn't cooperate, but I believe streaming goes out over plain unencrypted http. (I could be wrong.) So you should be able to find out what video a certain stream is just by looking at it.

Then you'd have to link the streams to users somehow, that's where the intersection attack comes in. You could just log data about all connections for long enough - presumably not everyone loads up the video page at the exact same time - and pull it apart after the fact.

And it might be even easier than that, with specialized equipment. I'm not in the networking business, but I would be surprised if hardware to do this sort of thing wasn't commercially available, given that there is legitimate use for it. (Well, what is "legitimate" depends on what side of the fence you are on.)

But in practice, I believe that once you cross enough borders, logging becomes impractical. Pick an exit somewhere that is not likely to cooperate with whomever you want to remain hidden from, that ought to be enough for most normal people who just want to access blocked sites, get at gay porn where that is illegal or download what others watch on TV..

#13 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7855 posts

Posted 21 July 2013 - 10:18 AM

Wouldn't you agree that on a real system, where perhaps several users are streaming Youtube video at the same resolution at the same time, that finding out who is streaming which video, is difficult?

Depends. It would be difficult if Youtube streams everything encrypted and doesn't cooperate, but I believe streaming goes out over plain unencrypted http. (I could be wrong.) So you should be able to find out what video a certain stream is just by looking at it.

 

Hello,

 

as a side note: you should be right, while you can access YouTube web site over SSL/TLS, the videos download is not encrypted end-to-end (not to be confused with encryption of the content for DRM purposes, which is active on some videos and that can be "circumvented" by anyone), according to a quick research performed by Martin Sauber at the end of 2012:

 

http://mobilesociety.typepad.com/mobile_life/2012/12/observation-youtube-is-now-https-but-the-streams-are-not.html

 

Re-performing that test, now that 7 months have passed since the writing of the article, is easy with Wireshark.

 

Kind regards







Similar Topics Collapse

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Servers online. Online Sessions: 15347 - BW: 54820 Mbit/sYour IP: 52.201.27.211Guest Access.